cvelist/2017/5xxx/CVE-2017-5456.json

{
    "CVE_data_meta": {
        "ASSIGNER": "security@mozilla.org",
        "ID": "CVE-2017-5456",
        "STATE": "PUBLIC"
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "product": {
                        "product_data": [
                            {
                                "product_name": "Firefox ESR",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_affected": "<",
                                            "version_value": "52.1"
                                        }
                                    ]
                                }
                            },
                            {
                                "product_name": "Firefox",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_affected": "<",
                                            "version_value": "53"
                                        }
                                    ]
                                }
                            }
                        ]
                    },
                    "vendor_name": "Mozilla"
                }
            ]
        }
    },
    "data_format": "MITRE",
    "data_type": "CVE",
    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "A mechanism to bypass file system access protections in the sandbox using the file system request constructor through an IPC message. This allows for read and write access to the local file system. This vulnerability affects Firefox ESR < 52.1 and Firefox < 53."
            }
        ]
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "Sandbox escape allowing local file system access"
                    }
                ]
            }
        ]
    },
    "references": {
        "reference_data": [
            {
                "name": "RHSA-2017:1106",
                "refsource": "REDHAT",
                "url": "https://access.redhat.com/errata/RHSA-2017:1106"
            },
            {
                "name": "https://www.mozilla.org/security/advisories/mfsa2017-12/",
                "refsource": "CONFIRM",
                "url": "https://www.mozilla.org/security/advisories/mfsa2017-12/"
            },
            {
                "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1344415",
                "refsource": "CONFIRM",
                "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1344415"
            },
            {
                "name": "https://www.mozilla.org/security/advisories/mfsa2017-10/",
                "refsource": "CONFIRM",
                "url": "https://www.mozilla.org/security/advisories/mfsa2017-10/"
            },
            {
                "name": "97940",
                "refsource": "BID",
                "url": "http://www.securityfocus.com/bid/97940"
            },
            {
                "name": "1038320",
                "refsource": "SECTRACK",
                "url": "http://www.securitytracker.com/id/1038320"
            }
        ]
    }
}
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`{`
"-Synchronized-Data." 2019-03-17 23:19:55 +00:00			`"CVE_data_meta": {`
			`"ASSIGNER": "security@mozilla.org",`
			`"ID": "CVE-2017-5456",`
			`"STATE": "PUBLIC"`
			`},`
			`"affects": {`
			`"vendor": {`
			`"vendor_data": [`
			`{`
			`"product": {`
			`"product_data": [`
			`{`
			`"product_name": "Firefox ESR",`
			`"version": {`
			`"version_data": [`
			`{`
			`"version_affected": "<",`
			`"version_value": "52.1"`
			`}`
			`]`
			`}`
			`},`
			`{`
			`"product_name": "Firefox",`
			`"version": {`
			`"version_data": [`
			`{`
			`"version_affected": "<",`
			`"version_value": "53"`
			`}`
			`]`
			`}`
			`}`
			`]`
			`},`
			`"vendor_name": "Mozilla"`
			`}`
			`]`
			`}`
			`},`
			`"data_format": "MITRE",`
			`"data_type": "CVE",`
			`"data_version": "4.0",`
			`"description": {`
			`"description_data": [`
- Added submission from Mozilla from 2018-06-06. 2018-06-11 13:04:38 -04:00			`{`
"-Synchronized-Data." 2019-03-17 23:19:55 +00:00			`"lang": "eng",`
			`"value": "A mechanism to bypass file system access protections in the sandbox using the file system request constructor through an IPC message. This allows for read and write access to the local file system. This vulnerability affects Firefox ESR < 52.1 and Firefox < 53."`
- Added submission from Mozilla from 2018-06-06. 2018-06-11 13:04:38 -04:00			`}`
"-Synchronized-Data." 2019-03-17 23:19:55 +00:00			`]`
			`},`
			`"problemtype": {`
			`"problemtype_data": [`
			`{`
			`"description": [`
			`{`
			`"lang": "eng",`
			`"value": "Sandbox escape allowing local file system access"`
			`}`
			`]`
			`}`
			`]`
			`},`
			`"references": {`
			`"reference_data": [`
			`{`
			`"name": "RHSA-2017:1106",`
			`"refsource": "REDHAT",`
			`"url": "https://access.redhat.com/errata/RHSA-2017:1106"`
			`},`
			`{`
			`"name": "https://www.mozilla.org/security/advisories/mfsa2017-12/",`
			`"refsource": "CONFIRM",`
			`"url": "https://www.mozilla.org/security/advisories/mfsa2017-12/"`
			`},`
			`{`
			`"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1344415",`
			`"refsource": "CONFIRM",`
			`"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1344415"`
			`},`
			`{`
			`"name": "https://www.mozilla.org/security/advisories/mfsa2017-10/",`
			`"refsource": "CONFIRM",`
			`"url": "https://www.mozilla.org/security/advisories/mfsa2017-10/"`
			`},`
			`{`
			`"name": "97940",`
			`"refsource": "BID",`
			`"url": "http://www.securityfocus.com/bid/97940"`
			`},`
			`{`
			`"name": "1038320",`
			`"refsource": "SECTRACK",`
			`"url": "http://www.securitytracker.com/id/1038320"`
			`}`
			`]`
			`}`
			`}`